SecPod SCAP Repo, a repository of SCAP Content (CVE, CCE, CPE, CWE, OVAL and XCCDF)

[Forgot Password]

Paid content will be excluded from the download.

Download | Alert*

CVE

CVE-2008-3104

Date: (C)2008-07-09 (M)2023-12-22

Multiple unspecified vulnerabilities in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 7, JDK and JRE 5.0 before Update 16, SDK and JRE 1.4.x before 1.4.2_18, and SDK and JRE 1.3.x before 1.3.1_23 allow remote attackers to violate the security model for an applet's outbound connections by connecting to localhost services running on the machine that loaded the applet.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 6.8
Exploit Score: 8.6
Impact Score: 6.4

CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL

Reference:

SECTRACK-1020459

http://marc.info/?l=bugtraq&m=122331139823057&w=2

http://www.securityfocus.com/archive/1/497041/100/0/threaded

SUNALERT-238968

APPLE-SA-2008-09-24

SUSE-SA:2008:042

SUSE-SA:2008:043

SUSE-SA:2008:045

SUSE-SR:2008:028

SUSE-SR:2009:010

http://support.apple.com/kb/HT3178

http://support.apple.com/kb/HT3179

http://support.avaya.com/elmodocs2/security/ASA-2008-428.htm

http://support.avaya.com/elmodocs2/security/ASA-2008-507.htm

http://support.avaya.com/elmodocs2/security/ASA-2008-509.htm

http://www.vmware.com/security/advisories/VMSA-2008-0016.html

oval:org.mitre.oval:def:9565

sun-jre-unspecified-security-bypass(43662)

cpe:/a:sun:jre:1.3.1_03
cpe:/a:sun:jre:1.3.1_04
cpe:/a:sun:jre:1.3.1_05
cpe:/a:sun:jre:1.3.1_06
...

oval:org.secpod.oval:def:9215

© SecPod Technologies